Cryptographer Derek Zimmer at Private Internet Access blogs about a supercookie built into TLS 1.2 and 1.3 [privateinternetaccess.com]. In principle, the new standards increase both securty and privacy through the use of better algorithms. In practice, the result falls short. Although the problem is worse in the older versions of TLS, a new feature in TLS, 0-RTT, actively impairs the ability to maintain privacy by skipping some renegotiation steps that pertain to generating new keys. Thus web sites and larger networks can follow individual connections as they move around, say home, work, café, etc. Browsers like Firefox contribute to the problem by enabling session IDs, Session Tickets, and 0-RTT are by default even in their so-called Private Mode. It is possible to mitigate this misfeature in a few steps.